CVE-2006-1520

Name of the Vulnerable Software and Affected Versions: libspf versions prior to 1.0.0-p5

Description: The issue is related to a format string vulnerability in the ANSI C Sender Policy Framework library. When debugging is enabled, remote attackers can execute arbitrary code via format string specifiers, possibly in an e-mail address.

Recommendations: For versions prior to 1.0.0-p5, update to version 1.0.0-p5 or later to resolve the issue. As a temporary workaround, consider disabling debugging in the libspf library until a patch is applied.